package com.lld.crowdfunding.handler;

import com.lld.crowdfunding.entity.QuanXian;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.List;

/**
 * 权限检查控制器
 */

@Component
public class AuthorityIntercepter implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        HttpSession session = request.getSession();
        String str = request.getRequestURI().substring(1);
        String str_quanxian = session.getAttribute("quanxian").toString();
        if(str_quanxian.contains(str)) {
            return true;
        }

        if(str.startsWith("user/") && str_quanxian.contains("userManager.html")) {
            return true;
        }

        response.sendRedirect("/noAuthority");
        return false;
    }
}
